Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Microsoft Ships URL Tracer to Hunt Down Typo-Squatters

Microsoft's Cybersecurity and Systems Management group releases a free tool to help pinpoint large-scale typo-squatters making money from pay-per-click domain parking services.

Microsoft Research has released a new tool to help pinpoint large-scale typo-squatters that are known to be gaming pay-per-click domain parking services.

The lightweight prototype, called Strider URL Tracer, builds on the work within Microsofts Cybersecurity and Systems Management group to keep tabs on a sophisticated typo-squatting scheme that uses multilayer URL redirection to make money from Googles AdSense for domains program.

Yi-Min Wang, who heads up the groups work in Redmond, Wash., said URL Tracer can be used as a parental control tool to block inappropriate ads from being served from Web sites that are set up to deliberately lure kids who accidentally misspell a popular domain.

One live example, Wang said, is the way the virtual pet site at NeoPets.com has been targeted by typo-squatters to serve pornographic-themed ads if it is misspelled. One such misspelling, neoppets.com, is currently serving ads promising naked photos of Britney Spears or other adult images.

He said the group analyzed typo-squatting on 50 popular childrens sites and found more then 7,000 typo-domains. About 2,685 of those domains were active, and a total of 110 were serving questionable content.

"Four domains redirected to adult sites directly, 36 domains contained at least one conspicuous link to an adult site, and the remaining domains displayed at least one conspicuous adult-category link to a page of adult ads listings," Wang said.

Most of the ads were being served from Oingo.com, a domain parking service that powers Googles popular Adsense for domains program. The domain parking service is aimed at Web sites that generate more than 750,000 page views per month and, according to Googles own boast, Adsense for domains is now powering over 3 million domain names.

"This is a huge, lucrative business," Wang said, noting that the typo-squatters have been monitoring his groups published work "on a daily basis" and have been moving domains being parking services to dodge detection.

Wangs group has meticulously tracked the typo-squatting scheme for several months as part of its Strider Typo-Patrol project, and he says its clear that big-name trademark owners with high-traffic Web sites are a major target.

In an interview with eWEEK, Wang said URL Tracer can also serve as a typo-patrol tool used by trademark owners who want to monitor typo-domains. "It is often too expensive for target-domain owners to investigate and take actions against a large number of individual typo-domains," he said, adding that a feature built into URL Tracer can take a target domain name and automatically generate and scan its typo-neighborhood.

The tool uses five programmatic typo-generation models—deliberate missing-dot typos, character omission typos, character permutation typos, character replacement typos and character insertion typos—to pinpoint potential domain-registration structures that are being used to steal traffic from large brands.